Conferences and supporting programme
Security in Manufacturing: Closing the Backdoor in IoT Products
It is common for system developers to pay a lot of time and attention to developing secure products and ensuring that their devices are difficult to exploit in the field. Unfortunately, security in the build process and supply chain receives much less consideration. Developers can buy the most secure (and expensive) IC on the planet to protect their encryption keys, but it won't do any good if an attacker can break into their contract manufacturer and pull the keys of the flash programmer used to program the IC. Similarly, nothing on the IC or in the product being build can stop an attacker from walking into an engineer's office and pulling the source code off their computer. In this paper, we will discuss the various attack vectors present in the process of designing, building and testing IoT systems. For each vulnerability, we will discuss techniques to prevent or mitigate security concerns and the various costs of doing so. Throughout the paper, we will illustrate fundamental problems and solutions with specific examples from the world of IC manufacturing. In addition to discussing the various points of attack and countermeasures, we will also discuss the purposes of each attack and how what you are trying to protect influences how you protect it. For example, protecting a proprietary algorithm so a competitor cannot copy it is very different from trying to prevent someone from tampering with the code being loaded onto a device during board test. Along the way, we will spot some overlaps between manufacturing security and system security and show how some of the most cost-effective security improvements address both areas at the same time. We'll discuss general principles that apply to securing both the supply chain and the product itself. Finally, we will explore some easy things to look for to ensure the components and vendors you choose aren't insecure by design.
--- Date: 27.02.2018 Time: 2:30 PM - 3:00 PM Location: Conference Counter NCC Ost